Active3 months ago
- How To Scan For Mac Address
- Best Tool To Scan For Mac Addresses On Subnet
- Best Tool To Scan For Mac Addresses On Subnet Calculator
- Best Tool To Scan For Mac Addresses On Subnets
- Best Tool To Scan For Mac Addresses On Subnet Cheat
I am trying to find the live hosts on my network using nmap. I am scanning the network in Ubuntu using the command
sudo nmap -sP 192.168.2.1/24
. However, I am unable to find the live hosts. I just get the network address of my own PC as live. When I see the DHCP client list through my browser (my router can be accessed via browser using my network IP), I get around 10 live hosts on the network. Can anyone tell me the reason why this could be happening and how do I find the live hosts on my network?Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBIOS information, etc.). In those cases, using arp-scan to scan MAC address is a quick way to find those devices. Arp-scan The ARP Scan Tool (also called ARP Sweep or MAC Scanner) is a very fast ARP packet scanner that shows every active IPv4 device on your Subnet.
TheRookierLearnerTheRookierLearner1,95744 gold badges1818 silver badges2626 bronze badges
- MAC Address Scan. The MAC address scan tool scans a given range of IP's and displays the MAC addresses for various devices available in the given range. This MAC address monitoring tool also displays the port number, community, MAC address, DNS name, system name, and system type.
- One of my favorite tools to manage a population of network hosts is the excellent tool NMap. It can easily and quickly be used to scan a large subnet for live hosts. It can easily and quickly be used to scan a large subnet for live hosts.
- I noticed when you select an IP entry in IPAM and click on View Details there is a field for MAC Assignment History. I've noticed in some it shows a MAC address based on SNMP but on just regular nodes (PCs for example) there is no MAC history.
8 Answers
This is the simplest way of performing host discovery with nmap.
Trojan horse removing tool for mac. Why does it not work all the time ?
When this command runs nmap tries to ping the given IP address range to check if the hosts are alive. If ping fails it tries to send syn packets to port 80 (SYN scan). This is not hundred percent reliable because modern host based firewalls block ping and port 80. Windows firewall blocks ping by default. The hosts you have on the network are blocking ping and the port 80 is not accepting connections. Hence nmap assumes that the host is not up.
So is there a workaround to this problem?
Yes. One of the options that you have is using the -P0 flag which skips the host discovery process and tries to perform a port scan on all the IP addresses (In this case even vacant IP addresses will be scanned). Obviously this will take a large amount of time to complete the scan even if you are in a small (20-50 hosts) network. but it will give you the results.
The better option would be to specify custom ports for scanning. Nmap allows you to probe specific ports with SYN/UDP packets. It is generally recommended to probe commonly used ports e.g. TCP-22 (ssh) or TCP-3389 (windows remote desktop) or UDP-161 (SNMP).
N.B. even after specifying custom ports for scanning you may not get an active host. A lot depends on how the host is configured and which services it is using. So you just have keep probing with different combinations.Remember, do not performs scans on a network without proper authorization.
update: When scanning a network you can never be sure that a particular command will give you all the desired results. The approach should be to start with basic ping sweep and if it doesn't work try guessing the applications that may be running on the hosts and probe the corresponding ports. The idea of using Wireshark is also interesting. You may want to try sending ACK packets.
update two: The flags -sP and -P0 are now known as -sn and -Pn respectively. However the older flags are still found to be working in the newer versions.
Ohnana4,69522 gold badges2020 silver badges3939 bronze badges
ShurmajeeShurmajee5,82144 gold badges2121 silver badges5656 bronze badges
The easiest way to check this is to verify the ARP-tables after doing the ping sweep using nmap:
This lists all hosts which responded to an ARP query, even the ones which filter ICMP.
Teun VinkTeun Vink5,88422 gold badges2323 silver badges3030 bronze badges
You might want to check out Wireshark. It logs all of the traffic on the local network. It will tell you which nodes are broadcasting. You can also see what is being transmitted. It's available in the Ubuntu Software Center.
Additionally here's a link about installing Wireshark on Ubuntu via command line.
How To Scan For Mac Address
In regard to the traffic that shows in your DHCP routing tables remember that a lot of Virtual Machines will show up as separate machines in the list. Anything that's connected to your network usually within the default 24 hour lease time (for most WiFi Routers) will still show in the list. You might want to check for the duration of the leases in the router. It might tell you if someone's on your network overnight. On some devices that have dual NICs or a NIC and a Wireless Card they'll show up twice if both interfaces are enabled.
Other things that a lot of people forget about being on the network:
- Managed Switches
- Some printers
- Server remote management cards
- Cell Phones
- Tivo and other DVRs
- Apple TVs
- Some Televisions
- DVD players
- Network A/V Receivers
- Playstations, XBox, Etc.
- Portable Gaming devices
- Ipads and other tablets
- Ipods and music players
- PDAs
- IP Phones like Magic Jack Plus
About 6 years ago at the office I was working in our little 3mb connection was down to 128k because of all of the excess traffic. The owners wanted to know if it was possible to see what was going on. The old part time IT guy shrugged his shoulders because not all of the traffic was going through their Windows 2000 server. He checked the routing tables and traffic logs in the server and saw nothing. They weren't using a router strangely enough, so anything on the network could get an address from the modem. The routing tables he looked at in the server were only for static mappings that existed a couple of years prior. I noticed they weren't on the same subnet. Then I showed them DHCP wasn't on in the server.
![Best Tool To Scan For Mac Addresses On Subnet Best Tool To Scan For Mac Addresses On Subnet](/uploads/1/2/6/0/126013928/772050723.gif)
I found all of the traffic coming in after hours on an overnight sweep with Wireshark. One of my coworkers was unknowingly hosting a Japanese sex site on his machine. The attackers had rooted his machine after he installed a backdoor which came along with a cracked version of a high-end video editing software. We also found out they were running
Tor
, demonoid
, and bitTorrent
on various machines in different departments at different times. Wireshark found everything. Next day internet was up to full speed.. we also installed a router. If you're not up for Wireshark you might also want to try
tcpdump
.AbsoluteƵERØAbsoluteƵERØ
This bash script will output the IP addresses of all the live hosts on a network.
Ricky WilsonRicky Wilson
Sometimes
arp -a -n
wont fetch the ip address.Performing nmap -sP 192.168.1.1/24
will retrieve live hosts and after that if you try arp
again, it will show the live hosts. Thats how it worked for me in linux mint. But you can rely on nmap
anyday.PraveenMaxPraveenMax
Once you have administrator privileges (i.e.,
root
), you can use netdiscover(8)
with -r
flag to specify different class and mask. It uses network class C /24 by default.For example:
$ sudo netdiscover -r 172.16.17.0/24
The output will be something like:
slayerslayer
If you also need host fingerprinting and don't mind using a free but closed source tool then
fing
is another option:Compared to
nmap 192.168.1.1/24 -n -sP
it is significantly faster and will also try to detect device manufacturers from the MAC addresses.Disclaimer: I have no affiliation with the tool or the company making it, and I have no clue what other things (evil or not) the tool might be doing under the hood. I've used their mobile apps for finding IP's on my LAN and found it useful.
![Best tool to scan for mac addresses on subnetting Best tool to scan for mac addresses on subnetting](/uploads/1/2/6/0/126013928/670615956.jpg)
ccpizzaccpizza
Example for finding host on a network:
etherape (GUI) show graphs of network activity.
Some other tools where mentioned above here too.
rocketrocket
Not the answer you're looking for? Browse other questions tagged nmaphost-discovery or ask your own question.
How do you use IP Scanner?
IP Scanner is a cloud tool that scans your local network and returns a sortable list of the devices it discovers. Devices can be filtered, searched, and exported to CSV. By default, it detects and scans a local subnet, though you can also define a custom IP range.
What details does the IP Scanner return?
The IP Scanner lists each device’s hostname, IP address, vendor, OS, MAC address, description, open ports, and if it’s up or down. The kind of data returned depends on the type of device being scanned.
Best Tool To Scan For Mac Addresses On Subnet
Add agents to your servers and workstations to get more detailed information like CPU, storage, memory, and network adapter details. You can even see the tickets for each device.
How do you set up the IP Scanner?
Best Tool To Scan For Mac Addresses On Subnet Calculator
IP Scanner uses a small downloadable scan agent to give it access to your local network. To get started click Download to install the scan agent. A wizard will quickly step you through installation.
Best Tool To Scan For Mac Addresses On Subnets
A browser page will launch and prompt you to scan the detected IP range. You can customize the IP range that will be scanned if the default range doesn’t discover all of your devices.
Best Tool To Scan For Mac Addresses On Subnet Cheat
When you’re ready to take your device information collection to the next level, go ahead and click the Agent Download button, then choose Download a Collection Agent. You can get the agent for both Windows and Mac. Then you’ll just copy the agent installer to each device you want to track. Want to save even more time? You can use Group Policy (or whatever 3rd party software distribution service you prefer) to deploy the agent in your network.